Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

Published byUlises Hopes Modified over 10 years ago

Similar presentations

Presentation on theme: "PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin."— Presentation transcript:

1 PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin

2 Agenda Why are we here? Why do you want a PKI? Implementation Models And a word or 2 about trust model(s) Functional Requirements Some options for Higher Ed. Case study: University of Wisconsin Case study: University of Virginia Q & A

3 Why are we here? Asymmetric cryptography is a tool Information integrity and/or security PKI adds identity context & trust model Deployment has been slow but there are new drivers e-business and accountability Scalable secure and/or trusted email High assurance digital credentials

4 Why do you want a PKI? First step in implementation planning Typical application areas: Identity credentials Scalable secure email (s/mime) digital document signing Other apps include: Document integrity (web sites, digital archive) Infrastructure protection (IPSEC)

5 Implementation Models Many different ways to get PKI services No one perfect way for all campuses Cost models may vary greatly depending on size of campus Biggest differences are functional capabilities & flexibility a priori trusted certificates

6 Implementation Models (cont.) Stand-alone PKI for local use PKI as part of a larger community Commercial PKI services Partial outsource Full outsource Bridged PKI

7 Stand-alone PKI Root CA cert is distributed as needed Policy is campus business rules Trust is implicit All support is local

8 Part of a PKI Hierarchy Enables trust across communities Common root cert is distributed as needed May be a challenge Policy is defined by the common TA

9 PKI Trust Model(s) Important if certificates are to be used with external parties Trust Anchor defines certificate policy for a homogeneous PKI Relying Parties must Understand TA CP Identify which policy(s) it will accept Hold a copy of the TA (root CA) certificate

10 Bridged PKIs Enables trust across communities Each campus retains its own trust anchor Policy is mapped through the Bridge Bridges can/will interconnect too

11 What a Bridge look like to RP RP trusts its TA to map trust (CP OIDs) appropriately TA trusts Bridge to map trust appropriately Policy is critical!

12 Commercial PKI Service Trust across Providers customers Policy is Providers CP Most Providers place TA certs in browsers, etc. Apps a priori trust them (?) Campus may still need to support the RA function If not, how does RA relate to campus Id Mgmt system?

13 Functional Requirements Multiple certs per individual Different cert types Dual certs and key escrow Normal versus high assurance certs Certificate extensions and/or SIA Real-time certificate status Subordinate CAs Infrastructure certs Transient certs

14 Some options for Higher Ed. U.S. Higher Ed. Root (USHER) Higher Ed. Bridge CA (HEBCA) Commercial PKI services Widely varying features & per user costs EDUCAUSE Identity Management Services Program (IMSP)

15 Case Studies University of Wisconsin Nick Davis, PKI Program Manager UW, Madison University of Virginia Jim Jokl, Director Communications and Systems

16 Q & A dlwasley@earthlink.net ndavis1@wisc.edu jaj@virginia.edu

Download ppt "PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
1 PKI Buy vs. Build Decision at UW-Madison Presented by Nicholas Davis PKI Project Leader UWMadison, Division of Information Technology.

1 PKI Buy vs. Build Decision at UW-Madison Presented by Nicholas Davis PKI Project Leader UWMadison, Division of Information Technology.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.

PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.

1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
PKI Past, Present and Future at the UW Nicholas Davis, PKI Project Leader Eighth Annual Educause PKI Summit.

PKI Past, Present and Future at the UW Nicholas Davis, PKI Project Leader Eighth Annual Educause PKI Summit.
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Similar presentations

Ads by Google